I'd say the haphazard destruction of Blackberries and iPads with hammers is pretty explicit evidence of how bad State Dept IT policy and execution was.
Maybe I've worked in large corporations too much, but my first question when I see policy violations is not "How is this person conspiring?" but rather "What made following the official policy difficult? And how can we fix that?"
Also, the State Dept seems like exactly the sort of place policy violations become culturally routine: non-technical experts, doing work that is arguably "more important", with IT seen as a cost rather than profit center.
Or, she didn't even think about records retention or device security, in the same way that most politicians/executives don't, assuming it was handled by someone.
And it was in fact not, because there was no functioning policy enforcement at State.
Complex tasks like "set up a new computer" had months of lead time.